Hello,<br> I figured as much. We know that the problem doesn't lie
in openswan but probably in iptables. Now I am not the one who put this
all together so I don't know the details. I do know that there isn't an
interface, it's all in the kernel (2.6). I am CCing the guy who did the
work. What I am hoping is that someone has had the exact same or
similar problem who can tell us what is wrong. <br>
I just tried eroute and got this message:<br>"/usr/lib/ipsec/eroute: No eroute table - no IPsec support in kernel (are the modules loaded?)"<br> THoughts?<br><br clear="all">Jay<br><br><div class="gmail_quote">
On Wed, Sep 16, 2009 at 9:47 AM, Erich Titl <span dir="ltr"><<a href="mailto:erich.titl@think.ch">erich.titl@think.ch</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"><br>
<br>
Jay Smith wrote:<br>
> Hello,<br>
> How are you doing? I figured that is the issue. Have you ever used<br>
> iptables with openswan,<br>
<br>
</div>Yes, but basically they have nothing to do with each other, except for<br>
possibly blocking traffic. If you suspect the firewall being the<br>
culprit, then look at the firewall logs.<br>
<div class="im"><br>
maybe you can give me a specific idea of what to<br>
> do. When setting up OpenSwan, is there anything I need to setup on<br>
> iptables or the iproute or anything? Let me know, this has been a major<br>
> pain. Thanks!<br>
<br>
</div>Typically the tunnel routes should be set by OpenSwan itself. If you use<br>
2.4 then you can sniff on the ipsec interface, for 2.6, using the kernel<br>
implementation it is more difficult.<br>
<br>
ipsec eroute should give you an idea which way the packets should go. It<br>
also tells you if your tunnels are up.<br>
<br>
cheers<br>
<font color="#888888"><br>
Erich<br>
<br>
</font></blockquote></div><br>